Authorization Bypass in IBM Db2 Remote Object Storage
CVE-2026-6938

6.5 MEDIUM

Key Information:

Vendor

IBM

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-6938?

IBM Db2 versions 12.1.0 through 12.1.4 are affected by an authorization bypass vulnerability that occurs when users upload to a remote object storage path. The issue stems from improper handling of queries and could allow attackers to access restricted resources. Organizations running affected versions should apply the necessary updates and patches to mitigate this vulnerability.

Affected Version(s)

Db2 12.1.0 <= 12.1.4

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved